EU Still Asking For The Impossible (And The Unnecessary): 'Lawful Access' To Encrypted Material That Doesn't Break Encryption
from the security-through-encryption-and-security-despite-encryption dept
A few months ago, Techdirt wrote about a terrible bill in the US that would effectively destroy privacy and security on the Internet by undermining encryption. Sadly, that’s nothing new: the authorities have been whining about things “going dark” for years now. Moreover, this latest proposal is not just some US development. In an official document obtained by Statewatch (pdf), the current German Presidency of the Council of the European Union (one of the key organizations in the EU) has announced that it wants to move in the same direction (found via Netzpolitik). It aims to prepare:
an EU statement consolidating a common line on encryption at EU level in the area of internal security to support further developments and the dialogue with service providers. It should seek to find a proper balance between the protection of privacy, intellectual property protection and lawful law enforcement and judicial access, thereby stressing security through encryption as well as security despite encryption
In other words, the EU is still chasing the unicorn of “lawful access” to encrypted material without somehow breaking encryption. An accompanying unofficial “note” from the European Commission services lists some of what it calls “key considerations”, but these are still chasing that unicorn without explaining how that can be done (pdf):
Technical solutions constituting a weakening or directly or indirectly banning of encryption will not be supported.
Technical solutions to access encrypted information should be used only where necessary, i.e. where they are effective and where other, less intrusive measures are not available. They must be proportionate, used in a targeted and in the least intrusive way.
Slightly more detail about the options is found in another unofficial note exploring “Technical solutions to detect child sexual abuse in end-to-end encrypted communications” (pdf). Most of the solutions involve installing detection tools on the user’s device. That can be circumvented by using devices without the detection software, or using a service that does not install them. Perhaps the most interesting technical approach involves on-device homomorphic encryption with server-side hashing and matching:
In this solution, images are encrypted using a carefully chosen partially homomorphic encryption scheme (this enables an encrypted version of the hash to be computed from the encrypted image). The encrypted images are sent to the [online service provider] server for hashing and matching against an encrypted version of the hash list (the server does not have the homomorphic encryption keys).
But this only works for services that implement such a scheme, and it only applies to existing images, not general messages or even videos. Moreover, the technology to implement such an approach is still under development.
Essentially, the EU, like the US, is telling people to “nerd harder”, and come up with a solution that allows lawful access, but does not break encryption. Since hard nerding for many decades has failed to produce a way of doing that, maybe it’s time for the authorities to accept that it just can’t be done. The good news is that doesn’t matter. Techdirt has been explaining why for years: there are encryption workarounds that mean law enforcement and others can get what they need in other ways. Indeed, one of the EU papers mentioned above provides perhaps the best example of this approach (pdf):
The recent dismantling of the EncroChat network in a joint investigation coordinated by Eurojust and Europol shows the degree to which those involved in criminal activity utilise all available technology, such as crypto telephones, which go well beyond publicly available end-to-end encrypted services.
Although it cites the case of EncroChat — a Europe-based encrypted mobile network widely used by organized crime there — in an attempt to prove how serious the problem is, it actually does the opposite. As the detailed explanation of how EU police managed to hack into the network and place malware on handsets explains, breaking the encryption proved irrelevant, because the authorities found a workaround.
The EncroChat bust demonstrates something else that is generally overlooked. It is already clear that far from going dark, the authorities today have access to unprecedented quantities of useful information that can be used to track down suspects and prevent crimes. That’s from things like social media and e-commerce sites. But as the EncroChat materials show, when criminals use closed, encrypted channels to communicate, they paradoxically open up, speaking freely about their past, present and future crimes, naming names, and giving detailed information about their activities. That means it’s actually in the interest of the authorities to allow criminals and terrorists to use encrypted services. When workarounds are found, these hitherto secret channels provide greater quantities of high-quality intelligence than would ever be obtained if people knew their communications had backdoors and were therefore not safe.
Follow me @glynmoody on Twitter, Diaspora, or Mastodon.
Filed Under: encryption, eu, going dark, law enforcement, lawful access
Comments on “EU Still Asking For The Impossible (And The Unnecessary): 'Lawful Access' To Encrypted Material That Doesn't Break Encryption”
basically, the seed that the US sowed is still being nurtured by other countries. the whole aim is to remove as much freedom and privacy and as many protections as possible (all of them?) from ordinary people, making the whole planet, basically, a complete fascist dictatorship! i dont think there is a single government in a single country that doesn’t want to know everything about everyone, everywhere, while still maintaining absolute secrecy and immunity for themselves and their friends! this is what has been fought against in world wars! it is what freedom is supposed to be about! it’s what democracy is supposed to be about! what the fuck is happening to the world? the wealthy ‘few’ have always wanted their way, to be dictators over a world inhabited by none except slaves. they are closer to achieving that now than ever before! when security services do as these ‘few’ want instead of protecting and serving the masses, prefering to kill them, what hope have we got?
As the basic definition of encryption is to prevent other than intended recipients from decrypting messages, enabling law enforcement access to messages is by definition an weakening of encryption.
Pining after impossible fantasy solutions is a waste, but still so much better than the security disaster of stupidly trying to ban encryption.
Someone needs to tell these idiots that if they can’t install a backdoor in their homes that only “good” people can use, they also can’t do it on phones.
"Technical solutions constituting a weakening or directly or indirectly banning of encryption will not be supported."
So… you won’t be requiring any kind of backdoor, or mandating that certain encryption providers are used in order to block FOSS solutions? Good to know.
"The recent dismantling of the EncroChat network in a joint investigation coordinated by Eurojust and Europol shows the degree to which those involved in criminal activity utilise all available technology, such as crypto telephones, which go well beyond publicly available end-to-end encrypted services."
So.. since that happened without any need to install backdoors or otherwise change the encryption methods available to the law-abiding general public, the answer is to keep things as they are? Again, good to know.
Encryption for dummies:
Hold up a padlock, say "Pretend that this lock is indestructible and unpickable. Only this key will open it. How would you redesign it to allow the police to be able to open it without the key and without making it any weaker?"
"For the sake of your protection, we want to remove all of your protection."
Anything is easy when you're not the one required to do it
Ah, gotta love the politicians who insist that it’s absolutely possible to do the equivalent of, without changing math in any way, make two plus two equal thirty-one thousand, nine-hundred and forty-two if only those mathematicians would nerd harder.
Part of the problem is that the two parties (mathematicians and politicians–clueful and clueless, respectively, in the relevant field of knowledge) use different languages. To a politician, "I can’t" means "I don’t wanna" or "my support would plummet if I did". To a mathematician, "I can’t" means "it would go against the whole design of the universe."
Perhaps it would be better to say it this way:
"I have proven that creating a backdoor only the police can use is trivial. However, I need some help from the politicians. My method requires for 2+2 to be equal either 5 or 17. If you can pass a law changing the value of 2+2, we can use that to provide the method you need.
"My associate in the quantum computing research field says he can implement my method, provided only that strange quarks be made lighter than top quarks. This also will require implementing legislation.
"We’ve gone as far as we can with the tools at our disposal. The ball is in your court. Either option is equally acceptable to us."
(Note to the conscientious lobbyist: a logician will confirm that these statements are all absolutely "true" in the strictest mathematical sense.)
You underestimate the willful stupidity of legislators.
Re: Re: Re:
"You underestimate the willful stupidity of legislators."
That example shows one crank, nothing like that…
<looks at current crops of US and EU politicians>
…OK, we might be screwed. I’m not sure how future generation will cope with having to use 2+2=5 as the basis of math.
Now I think of it, every year there’s some politician falling for (factually correct) health warnings about dihydrogen monoxide or hydroxic acid and tries to have it banned from public consumption and sale…
Re: Re: Re: Re:
Judicious banning of DHMO from select politicians would be a (cruel but) efficient way to improve our political situation.
(I might be willing to support any DHMO ban as long as it’s applied/enforced on all federal employees, agents/etc for 1 year before the rest of the citizens :p, or ‘/s’ for those who need it to sleep at night)
i don’t see how this can’t conflict with their gdpr.
how about ways to combat child sexual abuse in meatspace, morons?
That would require them to do work, much easier to just dump it all on the tech companies and complain when they don’t solve the problem.
That would expect them to accomplish work, a lot simpler to simply dump everything on the tech organizations and grumble when they don’t tackle the issue.
This comment has been flagged by the community. Click here to show it.
curtains and blinds dubai
Founded just a few years ago, we have grown fast to become one of Dubai’s premier curtain making firms. We specialize in making unique blinds and curtains. Our team of designers has worked with a variety of clients all of whom were highly impressed by the bespoke designs and the professionalism of our staff. Our staff work as a team from start to finish, ensuring that we meet your expectations in terms of design and timeliness. Apart from making curtains and blinds, we also provide various soft furnishing services such as sofa, headboard re-upholstery and bedspread supply.
We are an English run business with over 10 years of experience in the textile market. Our team of professionals will make sure that your new blinds or curtains perfectly fit your window and that the design merges perfectly with the surrounding environment.
Our new website has photos and pages describing various types of designs and styles that we specialize in. Feel free to browse and contact us the moment you see something you like. We not only make and install blinds and curtains for residential properties, but also do the same for offices and other work spaces.
to more reviews visit our link :http://curtains-abudhabi.com/
Re: curtains and blinds dubai
ironically this is excellent commentary on the EU’s position
shy asian brides
Learn to parents After Your Husband Dies
BlogsCelebrating LifeComforting WordsSincere CondolencesTools for Tough TimesWidow you can buy, every BlogsQ. How can I deal with every detail I must handle now that my husband is no longer here? He died weeks ago, And I seem like I’m drowning. take place other women do it?Having to you must do everything yourself, the particular tasks that "your ex boyfriend" Used to fund, Is one of the major challenges of widowhood. lamentably, Many of us flounder from seemingly endless details we must handle, Rather than ask friends for aid. We shouldn’t be a "stress" To others or get them feel forced to help. (We somehow forget that these people are perfectly capable of saying "n’t any" If they can’t or wouldn’t like to assist.) Or we don’t need to "have" folks, Although often we’re simply trying for wise advice, Another perspective or info on "Working the device, be it Social Security, The veterans Affairs, Or the Department of autos. not unusual, exceedingly, To associate needing help with laziness or addiction. conversely, Asking for help is a way to empower yourself, exact same time.In my own personal case, I increasingly assembled a kind of unofficial "core" folks I could call on. I spread my requests included in this, So that no one person would feel taken advantage of. I learned that strategy from a dear friend who used it after a difficult divorce. It worked for my child and for me, very same.that is correct, It helps if you have resources such as friends or acquaintances who have expertise you need, Such as legal or insurance packages advice. But often you don’t take stock of the time you have. a great way to do that is to ask yourself, "Who do I know who might become familiar with, And take an inventory. If someone do not have the answer for you, He or she may know a different who does. The most unlikely people can wind up being tremendously helpful, Whether you need further instruction cleaning out your husband’s closets, A good accountant or someone to pick [url=https://www.bestbrides.net/how-to-tell-if-a-woman-likes-you-based-on-her-zodiac-sign/%5Dhow to know if a libra woman likes you[/url] you up at the dentist’s office after an activity involving anesthesia.I found that inquiring for and receiving help was like a muscle I had to massage. I had to just make myself at first, But I grew more and more confident each time. I is usually helpless to fix the faucet, But I could find other people who knew how. you can as well. Ask and ye shall grab.